Spinoffs from Spyland

How America’s eavesdropping agency commercializes technology.

It takes more than a little tradecraft to spin off a startup from the National Security Agency.

No such agency: The headquarters of the U.S. National Security Agency in Fort Meade, Maryland.

Chris Lynch, an investor with Atlas Venture, knows this firsthand. Two years ago, he spent weeks trying to sign a deal with nervous NSA programmers who not only were sworn to secrecy but were barred from carrying cell phones at work. There were furtive Skype conversations and parking-lot phone calls that would end after strange clicks.

Eventually, $2 million in seed money was enough to lure five programmers from the NSA. These days they’re working at Sqrrl, a company in Cambridge, Massachusetts, that’s selling a commercial version of the database behind some of the spy agency’s most controversial eavesdropping programs.

“These guys were government hacks working in a cave, and in a highly structured environment,” says Lynch. “Kind of the opposite of an entrepreneur.”

A blistering public debate surrounds the NSA’s secret eavesdropping programs (see “Spying Is Bad for Business”). But what’s less well known is that the agency actively patents inventions and contributes to open-source projects, and that its employees occasionally—so far, very occasionally—emerge from secrecy to create spinoff companies.

More than 4,000 programmers work at the NSA, in addition to 960 PhDs and some 1,000 mathematicians known internally as the “math mafia.” Like other federal agencies, the NSA is compelled by law to try to commercialize its R&D. It employs patent attorneys and has a marketing department that is now trying to license inventions like tamper-­proof bags, secure manhole covers, and a “dispersion system” to make sure shredded documents can’t be pieced back together. One startup, Integrata, based in Maryland, exclusively licensed a patent on how to detect intruders on wireless networks.

Revelations about the extent of NSA spying have only increased demand for just the sorts of technology the agency excels at. And at least one NSA offshoot is developing products expressly to defeat the agency’s snooping.

“We believe government surveillance has gone too far and individuals have lost their right to privacy,” says Will ­Ackerly, who spent eight years building software for the NSA before founding Virtru, a Washington, D.C., company selling a secure file-sharing system that he says could defeat mass surveillance. Ackerly says he took another seven NSA engineers and contractors with him—about half the staff at his startup.

The NSA is one of 16 U.S. government organizations devoted to intelligence gathering (among them, only the CIA is larger). It has a budget of $10.5 billion a year, of which about $500 million is spent on more basic R&D in programming, optics, microelectronics, and quantum computing. The agency claims more than 170 patents, and it is even said to have invented the audiocassette.

But the NSA has faced severe challenges trying to keep up with rapidly changing technology. Back in 1999, a new director, Michael Hayden, began efforts to shed aging spies after scathing reports that the agency was stuck in the “Telex age.” It had failed to predict an Indian nuclear test and couldn’t intercept North Korean signals because they were sent along fiber-optic cables, not over the air.

Most recently, the NSA’s revamp included a sweeping effort to dismantle hundreds of single-purpose databases, or “stovepipes,” and switch to flexible cloud computing, where data is spread across thousands of servers. In fact, in 2008, NSA brass ordered the agency’s computer and information sciences research organization to create a version of the system Google uses to store its index of the Web and the raw images of Google Earth.

That team was led by Adam Fuchs, now Sqrrl’s chief technology officer. Its twist on big data was to add “cell-level security,” a way of requiring a passcode for each data point in a spreadsheet. At the NSA, that’s how software (like the infamous PRISM application) knows what can be shown only to people with top-secret clearance. Similar features could control access to data about U.S. citizens. “A lot of the technology we put [in] is to protect rights,” says Fuchs.

Like other big-data projects, the NSA team’s system, called Accumulo, was built on top of open-source code because “you don’t want to have to replicate everything yourself,” says Fuchs. But participating in the open-source community wasn’t easy. When it came up with improvements, Fuchs’s group had to find a third party to suggest a change without mentioning the NSA. That’s why the NSA eventually decided to open-source Accumulo as well. Even though the move presented risks (coders’ names would be known, and they could become targets of foreign surveillance), the NSA concluded that it would benefit if a wider community of software programmers worked on Accumulo.

In 2011, the NSA released 200,000 lines of code to the Apache Foundation. When Atlas Venture’s Lynch read about that, he jumped—here was a technology already developed, proven to work on tens of terabytes of data, and with security features sorely needed by heavily regulated health-care and banking customers. When Fuchs’s NSA team got cold feet about leaving, says Lynch, “I said ‘Either you do it, or I’ll find five kids from MIT to do it and they’ll steal your thunder.’”

Eventually, Fuchs and several others left the NSA, and now their company is part of a land grab in big data, where several companies, like Splunk, Palantir, and Cloudera, have quickly become worth a billion dollars or more.

Over the summer, when debate broke out over NSA surveillance of Americans and others, Sqrrl tried to keep a low profile. But since then, it has found that its connection to the $10-billion-a-year spy agency is a boost, says Ely Kahn, Sqrrl’s head of business development and a cofounder. “Large companies want enterprise-scale technology. They want the same technology the NSA has,” he says.

The Sqrrl team is working 16-hour days. Fuchs says the pace is far more intense than it was at his old government job. But there are things he misses. His top-secret security clearance is on hold, and he’s no longer part of the mission to protect the country. For the researchers and developers inside the NSA, “it’s hard to empathize with whoever leaves,” says Fuchs. “There’s no system inside the NSA to leave and start companies. We wanted to maintain contacts, but it’s been a challenge.”